IBM Security Bulletin: Buffer Overflow from improperly formatted SELECT command in IBM Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-8998)

Feb 23, 2017 10:00 am EST | High Severity

An improperly formatted SELECT command to an IBM Tivoli Storage Manager (IBM Spectrum Protect) Server can cause a buffer overflow that could allow an attacker to execute arbitrary code on the server. CVE(s): CVE-2016-8998 Affected product(s) and affected version(s): This vulnerability affects the following IBM Tivoli Storage Manager (IBM Spectrum Protect) Server levels: Note that ...


IBM Security Bulletin: IBM WebSphere MQ cluster channel definition causes denial of service to cluster (CVE-2016-9009)

Feb 23, 2017 10:00 am EST | Low Severity

A cluster receiver channel definition could be altered in a way that leads to corruption in cluster repository information. This could lead to malfunction and a potential denial of service for an MQ cluster. CVE(s): CVE-2016-9009 Affected product(s) and affected version(s): IBM WebSphere MQ V8.0 IBM WebSphere MQ V8.0.0.0 – 8.0.0.5 maintenance levels. Refer to ...


IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Netezza PureData System for Analytics (CVE-2016-8610)

Feb 23, 2017 10:00 am EST | High Severity

Open source OpenSSL is used by IBM Netezza PureData for Analytics. IBM Netezza PureData for Analytics has addressed the applicable CVEs. CVE(s): CVE-2016-8610 Affected product(s) and affected version(s): IBM Netezza clients from any of the following releases: Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21997472 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118296 ...


IBM Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to SWEET32 Birthday attack (CVE-2016-2183)

Feb 23, 2017 10:00 am EST | Low Severity

A security vulnerability affects IBM MQ and IBM MQ Appliance that could allow an attacker to obtain sensitive information when using a channel CipherSpec that uses the Triple-DES algorithm. The affected CipherSpecs are: – TRIPLE_DES_SHA_US – FIPS_WITH_3DES_EDE_CBC_SHA – ECDHE_ECDSA_3DES_EDE_CBC_SHA256 – ECDHE_RSA_3DES_EDE_CBC_SHA256 CVE(s): CVE-2016-2183 Affected product(s) and affected version(s): The following versions are affected: IBM MQ ...


IBM Security Bulletin: Information disclosure CVE-2016-9975 affects IBM Dashboard Application Services Hub (DASH)

Feb 23, 2017 10:00 am EST | Medium Severity

IBM Tivoli Widget Library (TWL), a subcomponent of DASH that in turn is bundled in IBM Jazz for Service Management (JazzSM), is affected by cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. CVE(s): CVE-2016-9975 Affected product(s) and affected version(s): ...


IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere MQ (CVE-2016-2106, CVE-2016-2109)

Feb 23, 2017 10:00 am EST | Medium Severity

OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by IBM WebSphere MQ. IBM WebSphere MQ has addressed the applicable CVEs. CVE(s): CVE-2016-2106, CVE-2016-2109 Affected product(s) and affected version(s): IBM WebSphere MQ V8.0 – Advanced Message Security on IBM i only IBM WebSphere MQ 8.0.0.5 and previous levels of ...


IBM Security Bulletin: Multiple vulnerabilities in zlib affect IBM ILOG CPLEX Optimization Studio

Feb 22, 2017 10:00 am EST | Low Severity

The gz feature, provided by the open source zlib, is used to decompress files automatically. A denial of service may be caused by four potential vulnerabilities. CVE(s): CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843 Affected product(s) and affected version(s): IBM CPLEX Optimization Studio (COS) v12.7 and earlier IBM CPLEX Enterprise Server (CES) v12.7 and earlier Refer to the ...


IBM Security Bulletin: Multiple vulnerabilities in Brocade Network Advisor affect IBM PureApplication System.

Feb 22, 2017 10:00 am EST | High Severity

Brocade Network Advisor is used by IBM PureApplication System. IBM PureApplication System has addressed the applicable CVEs. CVE(s): CVE-2016-8204, CVE-2016-8207, CVE-2016-8205, CVE-2016-8206 Affected product(s) and affected version(s): IBM PureApplication System V2.1 Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21998725 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120392 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120395 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120393 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120394 ...


IBM Security Bulletin: Potential cross-site scripting in the Admin Console for WebSphere Application Server (CVE-2016-8934)

Feb 22, 2017 10:00 am EST | Medium Severity

There is a potential cross-site scripting vulnerability in the Admin Console for WebSphere Application Server. CVE(s): CVE-2016-8934 Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server traditional: Version 9.0 Version 8.5 Version 8.0 Version 7.0 Refer to the following reference URLs for remediation and additional vulnerability ...